Summary
Textpattern is an open source content management system unlike any other; it allows you to easily create, edit and publish content and make it beautiful in a professional, standards-compliant manner.
Description
Textpattern CMS version 4.2.0 suffers from a XSS vulnerability. Input passed via the "q" parameter to Textpattern (TXP) Tag Library (txplib_db.php) is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.
Tag error: -> Textpattern Warning: Got error 'empty (sub)expression' from regexp
select count(*) from textpattern where 1=1 and Status = 4 and Posted <= now() and (now() <= Expires or
Expires = '0000-00-00 00:00:00') and (`Title` rlike '\0' or `Body` rlike '\0') on line 85
Tag error: -> Textpattern Warning: Got error 'empty (sub)expression' from regexp
select *, unix_timestamp(Posted) as uPosted, unix_timestamp(Expires) as uExpires, unix_timestamp(LastMod) as
uLastMod, match (`Title`, `Body`) against ('\0') as score from textpattern where 1=1 and Status = 4 and
Posted <= now() and (now() <= Expires or Expires = '0000-00-00 00:00:00') and (`Title` rlike '\0' or
`Body` rlike '\0') order by score desc limit 0, 5 on line 85
Line 71 - \TEXTPATTERN_ROOT_FOLDER\textpattern\lib\txplib_db.php: function safe_query($q='',$debug='',$unbuf='')